Lecture Notes in Computer Science 10489
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen
Editorial Board
David Hutchison, Lancaster University, Lancaster, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Friedemann Mattern, ETH Zurich, Zurich, Switzerland
John C. Mitchell, Stanford University, Stanford, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbrücken, Germany
More information about this series at http://www.springer.com/series/7408
Stefano Tonetta, Erwin Schoitsch, Friedemann Bitsch (Eds.)
Computer Safety, Reliability, and Security
SAFECOMP 2017 Workshops
ASSURE, DECSoS, SASSUR, TELERISE, and TIPS
Trento, Italy, September 12, 2017
Proceedings
123
Editors
Stefano Tonetta, Fondazione Bruno Kessler, Trento, Italy
Erwin Schoitsch, Austrian Institute of Technology GmbH AIT, Vienna, Austria
Friedemann Bitsch, Thales Deutschland GmbH, Ditzingen, Germany
ISSN 0302-9743, ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-319-66283-1, ISBN 978-3-319-66284-8 (eBook)
DOI 10.1007/978-3-319-66284-8
Library of Congress Control Number: 2017952205
LNCS Sublibrary: SL2 – Programming and Software Engineering
© Springer International Publishing AG 2017
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Printed on acid-free paper
This Springer imprint is published by Springer Nature
The registered company is Springer International Publishing AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Preface
For many years now, the SAFECOMP conference has had a successful add-on – the SAFECOMP workshop day, preceding the main conference. The SAFECOMP workshops have become particularly attractive since they started generating their own proceedings in the Springer LNCS series (Springer LNCS vol. 10489, the book in your hands; the main conference proceedings are LNCS 10488). This has meant adhering to Springer’s standards, i.e., the respective International Program Committee of each workshop had to make sure that at least three independent reviewers reviewed the papers carefully. The selection criteria were different from those for the main conference since authors were encouraged to submit workshop papers, i.e., on work in progress and on potentially controversial topics. In total, 39 regular papers were accepted.
All five workshops (selected from six proposals) are sequels to earlier workshops, organized by well-known chairs and respected Program Committees, which shows continuity of their relevance to the scientific and industrial community that deals with safety, reliability, and security of computer (control) systems:
• ASSURE 2017 – 5th International Workshop on Assurance Cases for Software-Intensive Systems, chaired by Ewen Denney, Ibrahim Habli, Ganesh Pai, and Kenji Taguchi (full day);
• DECSoS 2017 – 12th ERCIM/EWICS/ARTEMIS Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of-Systems, chaired by Erwin Schoitsch and Amund Skavhaug (full day);
• SASSUR 2017 – 6th International Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems, chaired by Alejandra Ruiz, Jose Luis de la Vara, and Tim Kelly (full day);
• TIPS 2017 – 2nd International Workshop on Timing Performance in Safety Engineering, chaired by Chokri Mraidha, Laurent Rioux, Julio L. Medina, and Marc Geilen (half day);
• TELERISE 2017 – 3rd International Workshop on Technical and Legal Aspects of Data Privacy and Security, chaired by Ilaria Matteucci, Paolo Mori, and Marinella Petrocchi (full day; this workshop is new to the SAFECOMP conference series, although not the first one in its lifetime).
Similar to the SAFECOMP conference, the workshops provide a truly international platform for academia and industry.
It has been a pleasure to work with my general co-chair, Stefano Tonetta, my workshop co-chair Amund Skavhaug, and particularly with the publication chair Friedemann Bitsch, the workshop chairs, the workshop Program Committees, and the authors. Thank you all for your good cooperation and excellent work!
September 2017 Erwin Schoitsch
Organization
EWICS TC7 Chair
Francesca Saglietti University of Erlangen-Nuremberg, Germany
Conference Co-chairs
Stefano Tonetta, FBK Fondazione Bruno Kessler, Italy
Erwin Schoitsch, AIT Austrian Institute of Technology, Austria
Program Co-chairs
Erwin Schoitsch, AIT Austrian Institute of Technology, Austria
Stefano Tonetta, FBK Fondazione Bruno Kessler, Italy
Workshop Chair
Erwin Schoitsch, AIT Austrian Institute of Technology, Austria
Publication Chair
Friedemann Bitsch, Thales Deutschland GmbH, Germany
Local Organizing Committee
Annalisa Armani, FBK Fondazione Bruno Kessler, Italy
Silvia Malesardi, FBK Fondazione Bruno Kessler, Italy
Stefano Tonetta, FBK Fondazione Bruno Kessler, Italy
Workshop Chairs
ASSURE 2017
Ewen Denney, SGT/NASA Ames Research Center, USA
Ibrahim Habli, University of York, UK
Ganesh Pai, SGT/NASA Ames Research Center, USA
Kenji Taguchi, AIST, Japan
DECSoS 2017
Erwin Schoitsch, AIT Austrian Institute of Technology, Austria
Amund Skavhaug, NTNU, Norway
SASSUR 2017
Alejandra Ruiz Lopez, Tecnalia, Spain
Jose Luis de La Vara, Carlos III University of Madrid, Spain
Huascar Espinoza, ESI Tecnalia, Spain
TELERISE 2017
Ilaria Matteucci, IIT-CNR, Italy
Paolo Mori, IIT-CNR, Italy
Marinella Petrocchi, IIT-CNR, Italy
TIPS 2017
Laurent Rioux, Thales R&T, France
Chokri Mraidha, CEA List, France
Marc Geilen, Eindhoven University of Technology, The Netherlands
Julio Medina, Universidad de Cantabria, Spain
Supporting Institutions
European Workshop on Industrial Computer Systems Reliability, Safety and Security
Fondazione Bruno Kessler
Austrian Institute of Technology
Thales Deutschland GmbH
Lecture Notes in Computer Science (LNCS), Springer Science + Business Media
European Space Agency
Austrian Association for Research in IT
Austrian Computer Society
European Research Consortium for Informatics and Mathematics
ARTEMIS Industry Association
Electronic Components and Systems for European Leadership - Austria
German Computer Society
European Network of Clubs for Reliability and Safety of Software-Intensive Systems
IEEE SMC Technical Committee on Homeland Security (TCHS)
Associazione Italiana per l’Informatica e il Calcolo Automatico
Verband österreichischer Software Industrie – Austrian Software Industry Association
Contents
5th International Workshop on Assurance Cases for Software-Intensive Systems (ASSURE 2017)
Making the Case for Safety of Machine Learning in Highly Automated Driving . . . 5
Simon Burton, Lydia Gauerhof, and Christian Heinzemann
A Thought Experiment on Evolution of Assurance Cases — from a Logical Aspect . . . 17
Shuji Kinoshita and Yoshiki Kinoshita
Using an Assurance Case Framework to Develop Security Strategy and Policies . . . 27
Robin Bloomfield, Peter Bishop, Eoin Butler, and Kate Netkachova
Uniform Model Interface for Assurance Case Integration with System Models . . . 39
Andrzej Wardziński and Paul Jones
ExplicitCase: Integrated Model-Based Development of System and Safety Cases . . . 52
Carmen Cârlan, Simon Barner, Alexander Diewald, Alexandros Tsalidis, and Sebastian Voss
D-Case Communicator: A Web Based GSN Editor for Multiple Stakeholders . . . 64
Yutaka Matsuno
Towards Combined Safety and Security Constraints Analysis . . . 70
Daniel Pereira, Celso Hirata, Rodrigo Pagliares, and Simin Nadjm-Tehrani
Attack Modeling for System Security Analysis (Position Paper) . . . 81
Abdullah Altawairqi and Manuel Maarek
Reconciling Systems-Theoretic and Component-Centric Methods for Safety and Security Co-analysis . . . 87
William G. Temple, Yue Wu, Binbin Chen, and Zbigniew Kalbarczyk
12th International ERCIM/EWICS/ARTEMIS Workshop on Dependable Smart Embedded Cyber-Physical Systems and Systems-of-Systems (DECSoS 2017)
Analysis of Potential Code Vulnerabilities Involving Overlapping Instructions . . . 103
Loui Al Sardy, Tong Tang, Marc Spisländer, and Francesca Saglietti
Increasing Dependability in Safety Critical CPSs Using Reflective Statecharts . . . 114
Miren Illarramendi, Leire Etxeberria, Xabier Elkorobarrutia, and Goiuria Sagardui
A Survey of Hardware Technologies for Mixed-Critical Integration Explored in the Project EMC2 . . . 127
Haris Isakovic, Radu Grosu, Denise Ratasich, Jiri Kadlec, Zdenek Pohl, Steve Kerrison, Kyriakos Georgiou, Kerstin Eder, Norbert Druml, Lillian Tadros, Flemming Christensen, Emilie Wheatley, Bastian Farkas, Rolf Meyer, and Mladen Berekovic
Safe Implementation of Mixed-Criticality Applications in Multicore Platforms: A Model-Based Design Approach . . . 141
Pasquale Antonante, Juan Valverde-Alcalá, Stylianos Basagiannis, and Marco Di Natale
GSN Support of Mixed-Criticality Systems Certification . . . 157
Carlos-F. Nicolas, Fernando Eizaguirre, Asier Larrucea, Simon Barner, Franck Chauvel, Goiuria Sagardui, and Jon Perez
Concepts for Reliable Communication in a Software-Defined Network Architecture . . . 173
Ferdinand von Tüllenburg and Thomas Pfeiffenberger
Combining Safety and Security Analysis for Industrial Collaborative Automation Systems . . . 187
Sándor Plósz, Christoph Schmittner, and Pál Varga
Software Updates in Safety and Security Co-engineering . . . 199
Imanol Mugarza, Jorge Parra, and Eduardo Jacob
Detailed Analysis of Security Evaluation of Automotive Systems Based on JASO TP15002 . . . 211
Yasuyuki Kawanishi, Hideaki Nishihara, Daisuke Souma, and Hirotaka Yoshida
Systematic Composition of Services from Distributed Systems for Highly Dynamic Collaboration Processes . . . 225
Sebastian Müller and Peter Liggesmeyer
Safety Assurance for Autonomous and Collaborative Medical Cyber-Physical Systems . . . 237
Fabio L. Leite Jr., Rasmus Adler, and Patrik Feth
Safety-Aware Control of Swarms of Drones . . . 249
Amin Majd, Elena Troubitsyna, and Masoud Daneshtalab
6th International Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems (SASSUR 2017)
Representation of Safety Standards with Semantic Technologies Used in Industrial Environments . . . 265
Jose Luis de la Vara, Álvaro Gómez, Elena Gallego, Gonzalo Génova, and Anabel Fraga
Automotive SPICE, Safety and Cybersecurity Integration . . . 273
Georg Macher, Alexander Much, Andreas Riel, Richard Messnarz, and Christian Kreiner
Safety and Security Co-engineering and Argumentation Framework . . . 286
Helmut Martin, Robert Bramberger, Christoph Schmittner, Zhendong Ma, Thomas Gruber, Alejandra Ruiz, and Georg Macher
Process Assessment in Supplier Selection for Safety-Critical Systems in Nuclear Domain . . . 298
Timo Varkoi and Risto Nevalainen
A Runtime Risk Assessment Concept for Safe Reconfiguration in Open Adaptive Systems . . . 309
Nikita Bhardwaj and Peter Liggesmeyer
Assuring Degradation Cascades of Car Platoons via Contracts . . . 317
Irfan Sljivo, Barbara Gallina, and Bernhard Kaiser
3rd International Workshop on TEchnical and LEgal Aspects of Data pRIvacy and SEcurity (TELERISE 2017)
Transparent Personal Data Processing: The Road Ahead . . . 337
Piero Bonatti, Sabrina Kirrane, Axel Polleres, and Rigo Wenning
The Use of Data Protection Regulatory Actions as a Data Source for Privacy Economics . . . 350
Aaron Ceross and Andrew Simpson
Automated Legal Compliance Checking by Security Policy Analysis . . . 361
Silvio Ranise and Hari Siswantoro
Access Control Policy Coverage Assessment Through Monitoring . . . 373
Antonello Calabrò, Francesca Lonetti, and Eda Marchetti
Try Walking in My Shoes, if You Can: Accurate Gait Recognition Through Deep Learning . . . 384
Giacomo Giorgi, Fabio Martinelli, Andrea Saracino, and Mina Sheikhalishahi
Security Flows in OAuth 2.0 Framework: A Case Study . . . 396
Marios Argyriou, Nicola Dragoni, and Angelo Spognardi
PolEnA: Enforcing Fine-grained Permission Policies in Android . . . 407
Gabriele Costa, Federico Sinigaglia, and Roberto Carbone
Fast Estimation of Privacy Risk in Human Mobility Data . . . 415
Roberto Pellungrini, Luca Pappalardo, Francesca Pratesi, and Anna Monreale
Security and Privacy in the Automotive Domain: A Technical and Social Analysis . . . 427
Zhendong Ma, Walter Seböck, Bettina Pospisil, Christoph Schmittner, and Thomas Gruber
One Click Privacy for Online Social Networks . . . 435
Philipp Hehnle, Pascal Keilbach, Hyun-Jin Lee, Sabrina Lejn, Daniel Steidinger, Marina Weinbrenner, and Hanno Langweg
2nd International Workshop on Timing Performance in Safety Engineering (TIPS 2017)
Modeling Rover Communication Using Hierarchical State Machines with Scala . . . 447
Klaus Havelund and Rajeev Joshi
Towards Component-Based (max,+) Algebraic Throughput Analysis of Hierarchical Synchronous Data Flow Models . . . 462
Mladen Skelin and Marc Geilen
Author Index . . . 477